My Joomla WebSite Phished [duplicate]

This question already has an answer here:

  • How do I deal with a compromised server? 6 answers

My website is wirten in Joomla. The provider turned it off saying it has been phished.

REQUIRES PHILIPPINES PROXY TO VIEW  IP Address:  Phishing Content: hxxps://www .officinadelle11 .it /portal/onlinebanking/verify_success.php hxxps://www .officinadelle11 .it /portal/onlinebanking/sign-in/index.php  Brand Phished: Bank of Philippine Islands (BPI Express Online) Legitimate Brand URL's: 

I checked the FTP space and surprisingly there two files I never uploaded: one is called alex.php and another is a php class for unzip. The alex.php is really a submission form with translations in russian. I aske myself: how is possible to upload files to my FTP space? The credentials are very strong…